#!/bin/sh

ATTEMPT_HMAC_LINK_CREATION=0

is_suse11_platform_with_openssl1(){
  if [ -e /etc/SuSE-release ];then
     VERSION=`cat /etc/SuSE-release|grep "VERSION = 11"|awk 'FS=":"{print $3}'`
     if [ ! -z "$VERSION" ];then
        which openssl1>/dev/null 2>&1
        if [ $? -eq 0 -a $VERSION -eq 11 ];then
           return 0
        fi
     fi
  fi
  return 1
}

verify_ssl_version() {
    is_suse11_platform_with_openssl1
    if [ $? -eq 0 ];then
       SSL_VERSION=`openssl1 version | awk '{print $2}'`
    else
       SSL_VERSION=`openssl version | awk '{print $2}'`
    fi

    case "$SSL_VERSION" in
        1.0.*)
            LIB_SUFFIX="1.0.0"
            ATTEMPT_HMAC_LINK_CREATION=1
            ;;
        1.1.*)
            LIB_SUFFIX="1.1.0"
            ATTEMPT_HMAC_LINK_CREATION=1
            ;;
        *)
            echo "Error: OpenSSL version '${SSL_VERSION}' is not supported. Supported versions of OpenSSL are:" >&2
            echo "    1.0.*, and 1.1.*." >&2
            exit 2
            ;;
    esac
}

create_ssl_links() {
    # Where should the SSL links be installed?
    LIBRARY_DIR='/opt/omi/lib'

    # Define the names of HMAC (FIPS mode) linkages
    SSL_HMAC_LINK=${LIBRARY_DIR}/.libssl.so.${LIB_SUFFIX}.hmac
    CRYPTO_HMAC_LINK=${LIBRARY_DIR}/.libcrypto.so.${LIB_SUFFIX}.hmac

    # If OMI's library directory is added to the system default search path
    # (output of 'ldconfig -p'), we can create circular links inadvertantly.
    # Resolve this by removing links before looking at what openssl uses.

    [ -e ${LIBRARY_DIR}/libssl.so.${LIB_SUFFIX} ] && rm ${LIBRARY_DIR}/libssl.so.${LIB_SUFFIX}
    [ -e ${LIBRARY_DIR}/libcrypto.so.${LIB_SUFFIX} ] && rm ${LIBRARY_DIR}/libcrypto.so.${LIB_SUFFIX}

    [ -e ${SSL_HMAC_LINK} ] && rm $SSL_HMAC_LINK
    [ -e ${CRYPTO_HMAC_LINK} ] && rm $CRYPTO_HMAC_LINK

    # If LD_LIBRARY_PATH contains a path to the directory that we're creating
    # links in (i.e. /opt/omi/lib), it affects the output of ldd such that we
    # can create a circular link ... (unset resolves that)
    unset LD_LIBRARY_PATH

    is_suse11_platform_with_openssl1
    if [ $? -eq 0 ];then
       OPENSSL_PATH=`which openssl1`
    else
       OPENSSL_PATH=`which openssl`
    fi

    LIBSSL_PATH=`ldd ${OPENSSL_PATH} | grep libssl.so | awk '{print $3}'`
    if [ $? -ne 0 ] || [ ! -e "${LIBSSL_PATH}" ]; then
        echo "Error: Unable to determine libssl.so path" >&2
        exit 2
    fi
    LIBCRYPTO_PATH=`ldd ${OPENSSL_PATH} | grep libcrypto.so | awk '{print $3}'`
    if [ $? -ne 0 ] || [ ! -e "${LIBCRYPTO_PATH}" ]; then
        echo "Error: Unable to determine libcrypto.so path" >&2
        exit 2
    fi

    ln -s ${LIBSSL_PATH} ${LIBRARY_DIR}/libssl.so.${LIB_SUFFIX}
    ln -s ${LIBCRYPTO_PATH} ${LIBRARY_DIR}/libcrypto.so.${LIB_SUFFIX}

    # Create .hmac linkages so we have a chance to work in FIPS mode
    if [ $ATTEMPT_HMAC_LINK_CREATION -eq 1 ]; then
        # There may be "hidden" .hmac files - if they exist, create links to them as well

        SSL_HMAC=`dirname $LIBSSL_PATH`/.`basename $LIBSSL_PATH`.hmac
        if [ -f "${SSL_HMAC}" ]; then
            ln -s ${SSL_HMAC} $SSL_HMAC_LINK
        fi

        CRYPTO_HMAC=`dirname $LIBCRYPTO_PATH`/.`basename $LIBCRYPTO_PATH`.hmac
        if [ -f "${CRYPTO_HMAC}" ]; then
            ln -s ${CRYPTO_HMAC} $CRYPTO_HMAC_LINK
        fi
    fi
}


id=`id | cut -f2 -d'(' | cut -f1 -d')'`

if [ "$id" != "root" ]; then
    echo >&2
    echo "************************************************************" >&2
    echo "* Warning: SSL configuration not performed (requires root  *" >&2
    echo "* privileges).                                             *" >&2
    echo "************************************************************" >&2
    echo >&2
    exit 3
fi

verify_ssl_version
create_ssl_links
exit 0
